For a FortiWeb applicance in an HA group, the configurations set by
config router policy and
config router static are synchronized by all the group members, but the configurations set by
HA Mgmt Static Route or
HA Mgmt Policy route are applied only to this specific member.
Use this command to add or delete a static route that is used only by this HA member. It is useful when you want to connect this cluster member to back-end servers that are not in the server pool of the HA group.
To use this command, your administrator account’s access control profile must have
w permission to the
sysgrp area. For details, see Permissions.
|Only one default route (the static route with destination as 0.0.0.0/0) is allowed on FortiWeb appliance. For example, if you have configured a default route in System > Network > Route, then it's not allowed to configure another default route in HA route settings.
config system ha-mgmt-router-static
Enter the index number of the static route. If multiple routes match a packet, the one with the smallest index number is applied.
The valid range is 0–65,535.
|Enter the name of the network interface, such as
port1, through which traffic subject to this route will be outbound. The maximum length is 63 characters.
Enter the destination IP address and netmask of traffic that will be subject to this route, separated with a space.
To indicate all traffic regardless of IP address and netmask (that is, to configure a route to the default gateway), enter
Enter the IP address of a next-hop router.
Caution: The gateway IP address must be in the same subnet as the interface’s IP address. If you change the interface’s IP address later, the new IP address must also be in the same subnet as the interface’s default gateway address. Otherwise, all static routes and the default gateway will be lost.